In the realm of consumer protection law, plaintiffs’ attorneys employ a wide range of tools to pursue remedies for unlawful or deceptive marketing or sales practices. The Telephone Consumer Protection Act (TCPA) is increasingly being used to bring lawsuits with potential statutory damages totaling millions or even hundreds of millions of dollars. The TCPA generally prohibits the use of automated dialing systems (autodialers) to promote products and services. 47 U.S.C. § 227(b)(1)(A)(iii). The law has taken on increasing appeal in an era of digital advertising and product promotion using text messaging. Companies that do not employ autodialers have generally fallen outside of the TCPA penumbra. But that may have changed. The U.S. Court of Appeals for the Ninth Circuit recently held that companies can now be held vicariously liable for TCPA violations committed by their agents, including vendors, even when the company does not have actual knowledge of the TCPA violation and has no actual control over the practices of the downstream vendor. Therefore, any company using vendors to support the marketing and sale of products through text messaging or mobile devices should take notice.

Last month, a divided Ninth Circuit panel in Henderson v. United Student Aid Funds, Inc., No. 3:13-cv-01845 (9th Cir. Mar. 22, 2019), held that a company could be vicariously liable for alleged TCPA violations committed by its agents. The concept of vicarious TCPA liability is not new. The Federal Communications Commission issued orders in 2008 and 2013 permitting vicarious liability under federal common law agency principles. Henderson takes this concept one big step further and permits liability in situations of “willful ignorance,” where “the principal can ratify the act of a third party—thereby making the third party the principal’s agent—even if it does not know all the material facts, but it must be aware that it does not know the material facts and ratify anyway.” Op. at 10. Under this standard, a company can be vicariously liable for TCPA violations for failure to perform due diligence or not taking affirmative steps to police its vendors.

The facts of Henderson, as highlighted by Judge Jay Scott Bybee in the dissent, illustrate the newfound breadth of vicarious TCPA liability. The defendant, United Student Aid Funds, is a servicer of student loans. United Student Aid Funds hired a second company, Navient, who then hired a debt collection company to collect on loans where the student borrower had defaulted. The debt collection company allegedly violated the TCPA by autodialing defaulting student borrowers on phone numbers they had not provided in connection with their loans (autodialing the provided number is exempt). The record contained no evidence that United Student Aid Funds knew that autodialers were used improperly to call telephone numbers not provided in connection with the loans. Further, United Student Aid Funds randomly audited loan accounts and forwarded complaints of TCPA violations to Navient. The majority held that despite having no authority to hire or fire the debt collectors employed by Navient, United Student Aid Funds could be vicariously liable for their TCPA violations.

The majority in Henderson may have been particularly concerned about the specific industry (student loan debt collection) and the equities (the claims against Navient and the debt collectors were dismissed for lack of personal jurisdiction). Also notable is the court’s reliance on the Restatement of Agency to support the application of derivative liability. Setting this aside, Henderson may not be sui generis. Given the broad range of tools used by plaintiffs’ lawyers and the difficulty in disposing of consumer protection cases through early motion practice, companies should consider due diligence and vendor oversight as countermeasures to limit the risk of liability. This can occur in three phases:

  • Pre-engagement. The company should investigate what methods the vendor or third party uses to communicate with current and potential customers. This process should include the vendor or third party completing a detailed TCPA compliance questionnaire. If any vendors or third parties use autodialers, the company should ensure that they have adequate policies in place to secure and track each recipient’s consent to receive such communications.
  • Engagement. The engagement letter should include certain TCPA-related provisions: (1) representing that the vendor or third party has not violated the TCPA and will not, for the duration of the engagement, violate the TCPA; (2) guaranteeing that the vendor or third party will indemnify the company in any litigation where the company could be vicariously liable for TCPA violations committed by the vendor or third party; and (3) permitting the company to conduct post-engagement certifications or TCPA audits. Failure to comply with these provisions would permit the company to immediately terminate the engagement and seek relief.
  • Post-engagement. The company can require the vendor or third party to certify TCPA compliance annually and permit the company to conduct an audit of TCPA practices and compliance. The company can also implement a telephone and email hotline to receive customer complaints.

Companies may apply the same approaches to their dealings with other vendors in the consumer protection space. Whether the matter involves the TCPA or other third-party marketing, suspected violations should be investigated and should be addressed by proactive measures, which may include terminating the engagement if violations persist.

© 2019 Perkins Coie LLP